A. Field of the Invention
The present invention relates to a portable data carrier having an operating error counter and to a method for safeguarding a command in the data carrier by means of an operating error counter.
B. Related Art
Operating error counters are used in connection with portable data carriers, for example chip cards, to limit the unauthorized execution of security-relevant commands aimed at obtaining security-relevant data from the data carrier. It is known, for example, to limit the number of successive false inputs; if this number is exceeded, the data carrier is blocked. An operating error counter also makes it possible to recognize attacks of other kinds on arbitrary commands executed on the data carrier. If, for example, a computation executed by a command is disturbed by an external action on the data carrier with the aim of spying out secret data involved in the computation from the disturbed result, this can be recognized inside the data carrier by repeating the computation before a result is output. The computation result is output only when both computations arrive at an identical result. Otherwise, an attack on one of the computations is assumed, and a corresponding operating error counter records this attack.
However, an attacker executing an attack as described above on a command of a data carrier, for example a stolen one, can recognize by analyzing certain data-carrier parameters, for example the current consumption, whether or not the comparison of the two computation results yields identity. The attacker thus has the possibility of deactivating the data carrier by interrupting the power supply before the operating error counter can record the attack. In this way the attacker can effectively suspend the operating error counter and carry out the attack as often as he pleases.
For this reason, a newer practice is to decrement an operating error counter, starting from a specified positive initial value, before the security-relevant command is executed, and to increment it only when the command has been executed without interruption. An attack as described above can then be safely recognized by the operating error counter, because the counter is no longer incremented when the power supply is interrupted during the execution of the command. At the next call of the command, the reading of the operating error counter is accordingly reduced by one. If the command is executed in the data carrier only as long as the operating error counter has a positive value, the number of attacks on the command is limited by the initial value of the operating error counter. Extensive attacks on the command can be safely prevented in this way.
This kind of operating error counter has disadvantages too. If the counter is set too high at the beginning, i.e. ordinarily during the manufacture of the data carrier in the initialization or personalization phase, there is a risk of the attacker succeeding in an attack with a certain non-negligible probability, which lowers the security of the data carrier. If the initial value is set too low, on the other hand, there is a danger that the counter drops below the permissible minimum value over the operating life of the data carrier through occasional operating errors of an authorized user or through technical disturbances, for example an interruption of the power supply during the execution of the command, and that the data carrier is deactivated without an attack having taken place. The reliability and lasting operability of the data carrier suffer.
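The legacy record-after-comparison counter and the decrement-before/increment-after scheme described above, as an added C model written for this page (not code from the patent); the computation, the status codes, the power-cut flag and the helper functions are constructed for illustration and stand in for what would be non-volatile memory writes on a real chip card:

```c
#include <stdbool.h>

/* Constructed model of a card: the operating error counter lives in non-volatile memory. */
typedef struct { int counter; int result; } card_t;

enum { CMD_OK = 0, CMD_BLOCKED, CMD_FAULT_DETECTED, CMD_POWER_LOSS };

/* Security-relevant computation; 'disturbed' models an externally induced fault. */
static int secret_op(int x, bool disturbed) { return disturbed ? x * 7 + 1 : x * 7; }

/* Legacy scheme: the counter records an attack only after the comparison fails.
   'cut_power' models the supply being interrupted before that record is written. */
int legacy_command(card_t *c, int x, bool disturbed, bool cut_power) {
    if (c->counter <= 0) return CMD_BLOCKED;
    int r1 = secret_op(x, disturbed), r2 = secret_op(x, false);
    if (cut_power) return CMD_POWER_LOSS;          /* nothing recorded: counter unchanged */
    if (r1 != r2) { c->counter--; return CMD_FAULT_DETECTED; }
    c->result = r1;
    return CMD_OK;
}

/* Newer scheme: decrement before executing, increment only after an uninterrupted,
   consistent execution, so an interrupted run leaves the counter reduced by one. */
int guarded_command(card_t *c, int x, bool disturbed, bool cut_power) {
    if (c->counter <= 0) return CMD_BLOCKED;
    c->counter--;                                  /* committed to non-volatile memory first */
    int r1 = secret_op(x, disturbed), r2 = secret_op(x, false);
    if (cut_power) return CMD_POWER_LOSS;          /* decrement already persisted */
    if (r1 != r2) return CMD_FAULT_DETECTED;       /* attack recorded by the missing increment */
    c->counter++;                                  /* restore only on a clean run */
    c->result = r1;
    return CMD_OK;
}

/* Run 'attempts' disturbed-and-interrupted calls against a card with the given
   initial counter value and return how many were executed rather than blocked. */
int interrupted_attacks_executed(int (*cmd)(card_t *, int, bool, bool), int initial, int attempts) {
    card_t c = { initial, 0 };
    int executed = 0;
    for (int i = 0; i < attempts; i++)
        if (cmd(&c, 5, true, true) != CMD_BLOCKED) executed++;
    return executed;
}

/* Counter reading after one clean run (restored) followed by one detected fault (consumed). */
int counter_after_good_then_fault(int initial) {
    card_t c = { initial, 0 };
    guarded_command(&c, 5, false, false);
    guarded_command(&c, 5, true, false);
    return c.counter;
}
```

With the legacy scheme every interrupted attempt is executed regardless of the initial value; with the newer scheme the initial value bounds the number of attempts, which is exactly the trade-off the following paragraph discusses.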
The object of the present invention is to propose a method for safeguarding a data carrier by means of an operating error counter which combines high security of the data carrier with reliable and lasting operability.